From: Debian Javascript Maintainers
Date: Tue, 9 Jul 2024 15:36:33 +0000 (+0200)
Subject: Fix CVE-2024-24806
X-Git-Tag: archive/raspbian/18.20.4+dfsg-1_deb12u1+rpi1^2~1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9e6aed6aae6523b35ba52e729b0676f136d6d3a7;p=nodejs.git
Fix CVE-2024-24806
Bug: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
Bug-Debian: https://bugs.debian.org/1063484
Origin: https://github.com/libuv/libuv git diff v1.48.0~5..v1.48.0~2
From upstream change log:
Merge pull request from GHSA-f74f-cvh7-c6q6
* fix: always zero-terminate idna output
* fix: reject zero-length idna inputs
* test: empty strings are not valid IDNA
See also https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
===================================================================
Gbp-Pq: Topic libuv
Gbp-Pq: Name fix-cve-2024-24806
---
diff --git a/deps/uv/src/idna.c b/deps/uv/src/idna.c
index 93d982ca0..858b19d00 100644
--- a/deps/uv/src/idna.c
+++ b/deps/uv/src/idna.c
@@ -274,6 +274,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
 char* ds;
 int rc;
+ if (s == se)
+ return UV_EINVAL;
+
 ds = d;
 si = s;
@@ -308,8 +311,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
 return rc;
 }
- if (d < de)
- *d++ = '\0';
+ if (d >= de)
+ return UV_EINVAL;
+ *d++ = '\0';
 return d - ds; /* Number of bytes written. */
 }
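Review bot: The new `if (s == se)` guard returns before anything is written to `d`, so a caller that reads the output buffer without checking for a negative return now sees an unterminated buffer where it previously got an empty NUL-terminated string, and nothing in the hunk states that contract. Add a comment on the guard, `/* Empty input is invalid. Nothing has been written to d at this point, so callers must check for a negative return before reading the buffer. */`, and if uv__idna_toascii has a header comment elsewhere, list UV_EINVAL among its return values there. Whether every caller checks the return is not visible in this diff and should be confirmed against the call sites. The body of uv__idna_toascii starts before this hunk and continues after it.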
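Review bot: The output-exhausted case at the end of the function is reported as `UV_EINVAL`, the same code the new empty-input guard returns, so a caller cannot tell a too-small output buffer from malformed input. Unless the rest of the function (outside this hunk) already maps truncation to UV_EINVAL, `return UV_ENOBUFS;` would be the more informative code; if folding both failures into UV_EINVAL is deliberate, say so with `/* Output buffer exhausted before the terminator; reported as EINVAL like the empty-input case. */`. The trailing comment should also state that the terminator is counted, since `d` is incremented after the NUL write: `return d - ds;  /* Number of bytes written, including the terminating NUL. */`. The function starts before this hunk.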